sound-fx
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the vendor's official API at
https://noiz.ai/v1to generate sound effects. This is the primary intended function of the skill. - [SAFE]: Secret management follows best practices. The skill provides instructions for using environment variables or a local configuration file (
~/.config/noiz/api_key). The script explicitly sets restricted file permissions (0600) and directory permissions (0700) when saving the API key. - [COMMAND_EXECUTION]: The skill uses
argparseto handle user input for sound prompts and configuration. Input is processed as strings and passed to the API via HTTP requests, with no evidence of shell injection or unsafe evaluation. - [EXTERNAL_DOWNLOADS]: Generated audio files are downloaded from vendor-provided URLs (referenced as Google Cloud Storage URLs in the documentation). These downloads are the intended output of the sound generation process.
- [DATA_EXFILTRATION]: User-provided text prompts are sent to the Noiz API for processing. This is clearly documented in the Security & Data Disclosure section of the skill.
Audit Metadata